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Remarks 

Claims 24-28, 34, and 36-45 are pending. 



Response to Arguments 

1 . Applicant's arguments with respect to claim 24-28, 34, and 36-45 have 
been considered but are moot in view of the new ground(s) of rejection. 



Claim Objections 

2. Claims 24, 34, 40-43, and 45 are objected to because of the following 
informalities: 

- Claim 24 recites "adjusting data properties of each of the items", 
however no such data properties are discussed in the application. 
Claim 26 clarifies this to labeling each item with a zone enumeration, 
however, the scope of "data properties" in claim 24 is unclear. Claim 
34 has the same issue. 

- Claim 34 and claims dependent therefrom (40-43 and 45) interchange 
use of "administrative rights" and "rights". It is unclear whether these 
are supposed to be different rights, or if they are the same rights, just 
referred to in different manners. As an example, the end of the 
preamble of claim 34 refers to "administrative rights", while the end of 
the final limitation of claim 34 has been amended to remove the word 
"administrative" before "rights". 

Appropriate correction is required. 
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Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described 
as set forth in section 1 02 of this title, if the differences between the subject matter sought to 
be patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 

3. Claims 24-28, 34, and 36-45 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Glasser (U.S. Patent 6,061 ,684) in view of Nowicki (U.S. 
Patent 7,146,377). 

Regarding Claim 24, 

Glasser discloses in a computer system, the computer 
system including system memory, a processor, and a computer- 
readable medium, a data store and a method store being stored on 
the computer-readable medium, the data store and method store 
arranged together in a combined item hierarchy on the computer- 
readable medium, the data store having at least one data item that 
depends from a method in the method store and the method store 
having at least one method that depends from data in the data 
store, the combined item hierarchy being divided into one or more 
non-overlapping security zones, each of the one or more non- 
overlapping security zones being defined as a grouping of one or 
more data items and one or more method items having common 
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security rules such that principals with rights to items in a non- 
overlapping security zone can treat all items in the non-overlapping 
security zone uniformly in accordance with common security rules, 
a method of splitting the one or more non-overlapping security 
zones into a plurality of non-overlapping security zones to facilitate 
more efficient assignment of rights to principals, comprising: 

An act of identifying a grouping of data items and method 
items in the combined item hierarchy (Figure 4; and Column 4, lines 
20-35; showing that the hierarchical file system includes files, 
wherein the files are data files, program files, or other computer 
information files. Hereafter, any time data and method items are 
referenced with respect to Glasser, this citation is pertinent, but will 
not be identified in each instance, in order to provide clear 
reference to pertinent citations) for which new common security 
rules are to be enforced, the identified grouping of data items and 
method items currently included in an existing non-overlapping 
zone from among the one or more non-overlapping zones, existing 
common security rules being enforced within the existing non- 
overlapping zone, the new common security rules differing from the 
existing common security rules being enforced within the existing 
non-overlapping zone (Column 7, lines 41-64; Column 8, lines 27- 
39; and Column 8, line 55 to Column 9, line 25; a resource is 
selected, wherein the resource will be given different rules than the 
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resource's parent (where the parent has an ACL that is inherited by 
the selected resource) and, likewise, the rest of the resources that 
inherit the ACL of the parent. The change to rights will include 
providing the selected resource with a new ACL, which will be 
propagated and inherited by resources descending from the 
selected resource); 

An act of the processor re-configuring the one or more non- 
overlapping security zones so that rights can be assigned at a 
granularity that is finer than an entire database yet coarse enough 
so as to not require assignment for each item, including: 

An act of splitting the existing non-overlapping 
security zone into a new non-overlapping security zone and 
a remnant of the existing non-overlapping security zone, the 
arrangement of the new non-overlapping security zone 
relative to the remnant of the existing non-overlapping 
security zone based on the location of the identified grouping 
of data items and method items within the combined item 
hierarchy, the new non-overlapping security zone for 
containing the identified grouping of data items and method 
items, the remnant of the existing non-overlapping security 
zone containing at least one data item or method item from 
the existing non-overlapping security zone, wherein the 
splitting is restricted in such a way as to prevent overlapping 
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between security zones and such that none of the data items 
and method items are included in more than one security 
zone (Figure 4; Column 7, lines 41-64; Column 8, lines 27- 
39; and Column 8, line 55 to Column 9, line 25); 
For any principals that had existing rights in the existing non- 
overlapping security zone based on the existing common security 
rules being enforced in the existing non-overlapping security zone 
at the time the existing non-overlapping security zone was split, an 
act of retaining those existing rights in the new non-overlapping 
security zone, including in the identified grouping of data items and 
method items, subsequent to splitting the existing non-overlapping 
security zone and subsequent to adjusting data properties to 
represent that the identified grouping of data items and method 
items are contained in the new non-overlapping security zone 
(Figures 4-5; Column 7, lines 41-64; Column 8, lines 27-39; and 
Column 8, line 55 to Column 9, line 25; in the case of adding a user 
to the ACL, the previous entities listed in the ACL (the ACL 
inherited from the ascendant in this case) will still have access, as 
that previously inherited ACL is copied and then changes are 
made, such as adding users. The new user is additionally provided 
with access to the resource and any resources that inherit the ACL 
of this resource); and 
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An act of granting one or more other rights in the new non- 
overlapping security zone to one or more additional principals in 
accordance with the new common security rules, assigning the 
other rights to the new non-overlapping security zone collectively 
granting the other rights to each item in the identified grouping of 
data items and method items through the assignment of the other 
rights to the new non-overlapping security zone, the other rights 
differing from the existing rights (Figures 4-5; Column 7, lines 41- 
64; Column 8, lines 27-39; and Column 8, line 55 to Column 9, line 
25; in the case of adding a user, this new user is provided with 
rights to the resource and any resources that inherit the ACL of this 
selected resource). 

But does not appear to explicitly disclose adjusting data 
properties of each of the items in the identified grouping of data 
items and method items to represent that the identified grouping of 
data items and method items are contained in the new non- 
overlapping security zone. 

Nowicki, however, discloses adjusting data properties of 
each of the items in the identified grouping of data items and 
method items to represent that the identified grouping of data items 
and method items are contained in the new non-overlapping 
security zone (Figures 5 and 7; Column 8, lines 25-54; and Column 
9, lines 1-9; changing partition identifiers and/or directory identifiers, 
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for example, to indicate that the item is in a specific/new partition or 
directory); and 

That each non-overlapping security zone can contain both 
method and data items (Column 3, line 61 to Column 4, line 3; 
Column 6, line 48 to Column 7, line 10; and Column 12, lines 26- 
36; showing resources being data and method items, placing a 
slower process in a partition/zone dedicated to slower processes, 
and that each partition may include both data and method items). It 
would have been obvious to one of ordinary skill in the art at the 
time of applicant's invention to incorporate the partitioning 
techniques of Nowicki into the access control system of Glasser in 
order to allow the system to dynamically arrange and rearrange 
items stored in a file hierarchy in such a manner that they can be 
moved to a partition dedicated to the particular type of item and the 
partitions can be merged in the case that multiple partitions are to 
have the same policies, and/or to allow for explicit designation 
within a file handle for each file/item as to which partition and 
directory the file/item currently resides. 

Regarding Claim 34, 

Claim 34 is a computer program product claim that 
corresponds to method claim 24 and is rejected for the same 
reasons. 

Regarding Claim 25, 
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Glasser as modified by Nowicki discloses the method of 
claim 24, in addition, Glasser discloses that specifying the one or 
more additional principals is performed by the one or more main 
principals (Column 7, lines 41-54; the user is verified as having 
appropriate permissions for the resource(s)). 

Regarding Claim 38, 

Claim 38 is a computer program product claim that 
corresponds to method claim 25 and is rejected for the same 
reasons. 

Regarding Claim 26, 

Glasser as modified by Nowicki discloses the method of 
claim 24, in addition, Nowicki discloses that the act of adjusting 
data properties of each of the items in the identified grouping of 
data items and method items comprises labeling each of the items 
with a security zone enumeration corresponding to the new non- 
overlapping security zone (Figures 5 and 7; Column 8, lines 25-54; 
and Column 9, lines 1-9; partition and/or directory identifiers). 

Regarding Claim 39, 

Claim 39 is a computer program product claim that 
corresponds to method claim 26 and is rejected for the same 
reasons. 

Regarding Claim 27, 
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Glasser as modified by Nowicki discloses the method of 
claim 24, in addition, Glasser discloses the rights being security 
rights (Column 7, lines 41-64; Column 8, lines 10-39; and Column 
8, line 55 to Column 9, line 25). 
Regarding Claim 40, 

Claim 40 is a computer program product claim that 
corresponds to method claim 27 and is rejected for the same 
reasons. 
Regarding Claim 28, 

Glasser as modified by Nowicki discloses the method of 
claim 24, in addition, Glasser discloses the rights being auditing 
rights (Column 7, lines 41-64; Column 8, lines 10-39; and Column 
8, line 55 to Column 9, line 25). 
Regarding Claim 41 , 

Claim 41 is a computer program product claim that 
corresponds to method claim 28 and is rejected for the same 
reasons. 
Regarding Claim 36, 

Glasser as modified by Nowicki discloses the method of 
claim 24, in addition, Glasser discloses that the existing common 
security rules comprise an ACL defining the rights a principal has to 
the items in the remnant of the existing non-overlapping security 
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zone (Column 7, lines 41-64; Column 8, lines 10-39; and Column 8, 
line 55 to Column 9, line 25). 

Regarding Claim 42, 

Claim 42 is a computer program product claim that 
corresponds to method claim 36 and is rejected for the same 
reasons. 

Regarding Claim 37, 

Glasser as modified by Nowicki discloses the method of 
claim 24, in addition, Glasser discloses that the new common 
security rules comprise an ACL defining the rights a principal has to 
the items in the new non-overlapping security zone (Column 7, 
lines 41-64; Column 8, lines 10-39; and Column 8, line 55 to 
Column 9, line 25). 

Regarding Claim 43, 

Claim 43 is a computer program product claim that 
corresponds to method claim 37 and is rejected for the same 
reasons. 

Regarding Claim 44, 

Glasser as modified by Nowicki discloses the method of 
claim 24, in addition, Glasser discloses that the act of granting 
other rights in the new non-overlapping security zone to one or 
more additional principals in accordance with the new common 
security rules comprises an act of granting a set of rights in the 
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non-overlapping security zone to the one or more additional 
principals so as to collectively grant the set of rights to the one or 
more additional principals for each item in the new non-overlapping 
security zone, the set of rights including one or more rights selected 
from among read, write, delete, and execute (Column 7, lines 41- 
64; Column 8, lines 10-39; and Column 8, line 55 to Column 9, line 
25). 

Regarding Claim 45, 

Claim 45 is a computer program product claim that 
corresponds to method claim 44 and is rejected for the same 
reasons. 



Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection 
presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. 
See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as 
set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire 
THREE MONTHS from the mailing date of this action. In the event a first reply is 
filed within TWO MONTHS of the mailing date of this final action and the advisory 
action is not mailed until after the end of the THREE-MONTH shortened statutory 
period, then the shortened statutory period will expire on the date the advisory 
action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be 
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calculated from the mailing date of the advisory action. In no event, however, will 
the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to JEFFREY D. POPHAM whose telephone 
number is (571)272-7215. The examiner can normally be reached on M-F 9:00- 
5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Emmanuel Moise can be reached on (571)272-3865. The 
fax phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free). If you would like assistance from a USPTO Customer Service 
Representative or access to the automated information system, call 800-786- 
91 99 (IN USA OR CANADA) or 571 -272-1 000. 

Jeffrey D Popham 
Examiner 
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